The SHIP Framework™
Rev 01 · 2026.05.11
Framework · 4 steps · Industrial network design
Industrial network design methodology.
Most plant networks weren't designed — they accumulated. Daisy chains. Unmanaged switches. Forty years of bandaids on bandaids. SHIP is what you do when you finally decide to design the thing.
Four steps: Standardize, Harden, Isolate, Protect. Building networks that actually serve the people who depend on them.
Originated by River Caudle
§ 01 Standardize · One protocol to rule them all
What it means
- Converge on EtherNet/IP — one industrial Ethernet protocol family (CIP over standard Ethernet and IP), so one set of tools, one switch configuration and one skill set instead of protocol chaos
- Adopt CPwE architecture — proven Converged Plantwide Ethernet design patterns (cell/area zones, a distribution layer, an IDMZ)
- Implement TSN standards — prepare for deterministic networking (IEEE 802.1 TSN: 802.1AS time synchronization, 802.1Qbv scheduled traffic)
- Standardize documentation — every device, every VLAN, every cable, and kept current; a diagram nobody trusts is the same as no diagram
Maturity levels
- L1 — multiple protocols, vendor lock-in, no standards
- L2 — moving toward EtherNet/IP, some standardization
- L3 — standardized on EtherNet/IP with CPwE principles
- L4 — TSN-ready with comprehensive standards documentation
"If you can't explain your network on one page, it's too complex."
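The "kept current" part of standardized documentation is the part that decays. The script below is an added example, not code from the SHIP page or its author: it checks an inventory for internal consistency (duplicate addresses, a port documented twice, an address outside its VLAN's subnet) and then compares it port by port against what a discovery pass saw. The inventory layout, the VLAN plan, the device names, and the "observed" data are all constructed for the example; a real run would read your own export and an LLDP/ARP walk of the switches.

```python
"""Added example, not part of the SHIP page: check that the network inventory
behind the one-page diagram is internally consistent and still matches what a
discovery pass sees on the switches. The inventory layout, VLAN plan, devices
and observed data are all constructed for this example."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    name: str
    ip: str
    vlan: int
    switch: str
    port: str


# Hypothetical VLAN plan: VLAN id -> the subnet documented for it.
VLAN_PLAN = {
    10: ipaddress.ip_network("10.10.10.0/24"),   # cell 1 control
    20: ipaddress.ip_network("10.10.20.0/24"),   # cell 2 control
    99: ipaddress.ip_network("10.10.99.0/24"),   # supervisory / HMI
}

# Constructed inventory: what the documentation says is plugged in where.
DOCUMENTED = [
    Device("PLC-C1", "10.10.10.11", 10, "IES-C1", "Gi1/1"),
    Device("HMI-C1", "10.10.99.21", 99, "IES-C1", "Gi1/2"),
    Device("PLC-C2", "10.10.20.11", 20, "IES-C2", "Gi1/1"),
    Device("DRV-C2", "10.10.10.11", 20, "IES-C2", "Gi1/7"),  # copy-paste error: wrong IP
]

# Constructed discovery output, as an LLDP/ARP walk of each switch would give:
# (ip, switch, port). PLC-C1 was moved to another port; a new drive appeared.
OBSERVED = {
    ("10.10.10.11", "IES-C1", "Gi1/5"),
    ("10.10.99.21", "IES-C1", "Gi1/2"),
    ("10.10.20.11", "IES-C2", "Gi1/1"),
    ("10.10.20.44", "IES-C2", "Gi1/7"),
}


def check_consistency(devices):
    """Static checks on the documentation alone: duplicate addresses, a port
    documented twice, and addresses that don't belong to their VLAN's subnet."""
    findings, ips, ports = [], {}, {}
    for d in devices:
        if d.ip in ips:
            findings.append(f"duplicate IP {d.ip}: {ips[d.ip]} and {d.name}")
        ips.setdefault(d.ip, d.name)
        loc = (d.switch, d.port)
        if loc in ports:
            findings.append(f"port {d.switch} {d.port} documented twice: {ports[loc]} and {d.name}")
        ports.setdefault(loc, d.name)
        subnet = VLAN_PLAN.get(d.vlan)
        if subnet is None:
            findings.append(f"{d.name}: VLAN {d.vlan} is not in the VLAN plan")
        elif ipaddress.ip_address(d.ip) not in subnet:
            findings.append(f"{d.name}: {d.ip} not in VLAN {d.vlan} subnet {subnet}")
    return findings


def check_drift(devices, observed):
    """Port-by-port comparison of documentation against discovery."""
    doc_by_port = {(d.switch, d.port): d for d in devices}
    obs_by_port = {(sw, port): ip for ip, sw, port in observed}
    findings = []
    for loc, d in sorted(doc_by_port.items(), key=lambda kv: kv[0]):
        seen = obs_by_port.get(loc)
        if seen is None:
            findings.append(f"{d.name}: documented on {loc[0]} {loc[1]} but nothing observed there")
        elif seen != d.ip:
            findings.append(f"{loc[0]} {loc[1]}: documented {d.name} ({d.ip}), observed {seen}")
    for loc in sorted(obs_by_port.keys() - doc_by_port.keys()):
        findings.append(f"{loc[0]} {loc[1]}: undocumented device {obs_by_port[loc]}")
    return findings


if __name__ == "__main__":
    for line in check_consistency(DOCUMENTED) + check_drift(DOCUMENTED, OBSERVED):
        print(line)
```

Run it on a schedule, not once: the consistency findings are mistakes in the document, the drift findings are the document falling behind the plant, and an "undocumented device" on a PLC-facing port is the same signal whether the cause is an electrician or an intruder.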
§ 02 Harden · Networks that don't break at 2 AM
What it means
- Resilient topologies — ring and redundant star over daisy chains, so losing one cable or one switch doesn't split the network
- Managed industrial switches — loop protection (STP at minimum, DLR or REP on rings), QoS so CIP I/O isn't queued behind bulk traffic, and IGMP snooping so EtherNet/IP multicast I/O isn't flooded to every port, all as standard
- Environmental protection — components rated for the MICE (Mechanical, Ingress, Climatic, Electromagnetic) conditions of the location
- Redundant power — UPS sized for graceful shutdown, not indefinite runtime
Maturity levels
- L1 — daisy chain, unmanaged switches
- L2 — some managed switches, basic redundancy
- L3 — ring topology with DLR (Device Level Ring) or REP (Resilient Ethernet Protocol), industrial-grade equipment
- L4 — redundant everything, environmental monitoring, predictive maintenance
"Your network should survive a forklift, not just a reboot."
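"Survive a forklift" has a testable form: list the cables and switches whose loss would split the network. The block below is an added example, not code from the SHIP page or its author. It takes a list of switch-to-switch links (the ones on your one-page diagram) and reports every single link and every single switch whose removal disconnects the rest, then compares a daisy chain, a ring, and a redundant star. The switch names and topologies are constructed for the example.

```python
"""Added example, not part of the SHIP page: list the single points of failure
in a documented switch topology. Switch names and links are constructed; feed
it the links from your own one-page diagram."""


def _connected(nodes, links):
    """True if every node in `nodes` can reach every other over `links`."""
    nodes = list(nodes)
    if not nodes:
        return True
    adj = {n: set() for n in nodes}
    for a, b in links:
        if a in adj and b in adj:        # links touching a removed switch are ignored
            adj[a].add(b)
            adj[b].add(a)
    seen, stack = set(), [nodes[0]]
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(adj[n] - seen)
    return seen == set(nodes)


def nodes_of(links):
    return sorted({n for link in links for n in link})


def single_points_of_failure(links):
    """Return (critical_links, critical_switches): losing any one of them
    splits the network. Links are removed by position, so a two-cable LAG
    listed twice counts as redundancy rather than being removed as a pair."""
    nodes = nodes_of(links)
    critical_links = [
        link for i, link in enumerate(links)
        if not _connected(nodes, [l for j, l in enumerate(links) if j != i])
    ]
    critical_switches = [
        n for n in nodes
        if not _connected([m for m in nodes if m != n], links)
    ]
    return critical_links, critical_switches


# Constructed topologies. Each link is (switch, switch). A ring keeps one link
# blocked by DLR/REP in normal operation, but every cable still counts here.
DAISY_CHAIN = [("DIST", "SW1"), ("SW1", "SW2"), ("SW2", "SW3"), ("SW3", "SW4")]
RING = DAISY_CHAIN + [("SW4", "DIST")]
REDUNDANT_STAR = [
    ("DIST-A", "DIST-B"),
    ("DIST-A", "SW1"), ("DIST-B", "SW1"),
    ("DIST-A", "SW2"), ("DIST-B", "SW2"),
    ("DIST-A", "SW3"), ("DIST-B", "SW3"),
]

if __name__ == "__main__":
    for name, topo in [("daisy chain", DAISY_CHAIN), ("ring", RING),
                       ("redundant star", REDUNDANT_STAR)]:
        links, switches = single_points_of_failure(topo)
        print(f"{name}: {len(links)} critical links, critical switches: {switches or 'none'}")
```

The daisy chain comes back with every cable and every middle switch critical; the ring and the redundant star come back clean. The check only covers the switch fabric: an end device on a single access port is always its own single point of failure, and a ring is still only as good as the protocol (DLR or REP) that actually unblocks the spare link when a cable goes.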
§ 03 Isolate · Build walls where they matter
What it means
- Network segmentation — VLANs to separate functional areas and criticality levels, with traffic between them forced through a Layer 3 point where policy is enforced; a VLAN that routes freely to everything else is a flat network with extra labels
- Industrial DMZ (IDMZ) — secure buffer zone between OT and IT; no session crosses it end to end, traffic terminates on a broker in the IDMZ (jump host, historian replica, patch relay) and is re-originated on the other side
- Cell-level independence — each production cell operates autonomously, so a fault or compromise elsewhere doesn't stop it
- Controlled inter-cell communication — designed paths between isolated systems, each one documented and filtered; anything not designed is denied
Maturity levels
- L1 — flat network, no segmentation
- L2 — basic VLAN segmentation
- L3 — IDMZ implemented, functional area separation
- L4 — micro-segmentation with automated enforcement
"If one device getting compromised takes down your entire plant, you failed at isolation."
§ 04 Protect · Security that actually works
What it means
- Zero Trust OT — authenticate every device, encrypt every conversation where the endpoints support it (CIP Security on EtherNet/IP); legacy devices that can't get compensating controls at the cell boundary instead
- Continuous monitoring — real-time visibility into every network conversation, compared against the paths you designed in Isolate, so a flow that shouldn't exist raises an alert instead of blending in
- Incident response — OT-specific playbooks that don't assume you can "just patch it"
- Physical security — lock your network cabinets like you lock control rooms
Maturity levels
- L1 — "air gap" security (hope and prayers)
- L2 — basic firewall, antivirus on HMIs
- L3 — comprehensive monitoring, incident response plan
- L4 — Zero Trust implementation, continuous security validation
"Security that breaks operations isn't security — it's sabotage."
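Isolate defines which zones may talk to which and on what ports; Protect watches the wire for conversations that were never designed. The block below is an added example serving both steps, not code from the SHIP page or its author. It models zones as subnets and the designed paths as conduits, checks the one invariant an IDMZ exists to enforce (no conduit joins the enterprise zone directly to an OT zone), and then evaluates flow records against the conduits, flagging cross-zone traffic that isn't designed, lateral cell-to-cell traffic, and any address that belongs to no documented zone at all. Zone subnets, conduits, port numbers in the policy, addresses, and the flow records are all constructed for the example; the real inputs are your firewall rule export and a flow or SPAN collector.

```python
"""Added example, not part of the SHIP page: a zone/conduit model for the
Isolate and Protect steps. Zones, conduits, addresses and flow records are all
constructed for this example."""
import ipaddress

# Hypothetical zone plan: which subnet belongs to which zone.
ZONES = {
    "enterprise":  ipaddress.ip_network("10.1.0.0/16"),
    "idmz":        ipaddress.ip_network("10.9.0.0/24"),
    "supervisory": ipaddress.ip_network("10.10.99.0/24"),
    "cell1":       ipaddress.ip_network("10.10.10.0/24"),
    "cell2":       ipaddress.ip_network("10.10.20.0/24"),
}
OT_ZONES = {"supervisory", "cell1", "cell2"}
ANY = frozenset()   # an empty port set means "any destination port"

# Hypothetical conduits: (src_zone, dst_zone, allowed destination ports).
CONDUITS = [
    ("enterprise",  "idmz",        {443}),          # remote-access jump host
    ("idmz",        "supervisory", {3389}),         # jump host to engineering workstation
    ("supervisory", "idmz",        {1433}),         # historian push to its IDMZ replica
    ("supervisory", "cell1",       {44818, 2222}),  # EtherNet/IP explicit (TCP 44818), I/O (UDP 2222)
    ("supervisory", "cell2",       {44818, 2222}),
    ("cell1",       "cell1",       ANY),            # intra-cell traffic stays inside the cell
    ("cell2",       "cell2",       ANY),
]


def zone_of(ip):
    """Zone name for an address, or None if it is in no documented zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def check_conduits(conduits):
    """IDMZ invariant: no conduit joins the enterprise zone to an OT zone in
    either direction; everything crossing that boundary terminates in the IDMZ."""
    bad = []
    for src, dst, _ports in conduits:
        if "enterprise" in (src, dst) and {src, dst} & OT_ZONES:
            bad.append(f"{src} -> {dst} bypasses the IDMZ")
    return bad


def evaluate_flow(src_ip, dst_ip, dport, conduits=CONDUITS):
    """'allowed' if a conduit covers the flow, 'violation' if both zones are
    known but no conduit covers it, 'unknown-zone' if either end is undocumented."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "unknown-zone"
    for csrc, cdst, ports in conduits:
        if csrc == src and cdst == dst and (not ports or dport in ports):
            return "allowed"
    return "violation"


# Constructed flow records, one per line: time src dst proto dport
FLOWS = """\
2026-05-11T02:14:03Z 10.10.99.21 10.10.10.11 tcp 44818
2026-05-11T02:14:05Z 10.1.5.20 10.9.0.10 tcp 443
2026-05-11T02:14:09Z 10.1.5.20 10.10.10.11 tcp 44818
2026-05-11T02:14:12Z 10.10.10.11 10.10.20.11 tcp 44818
2026-05-11T02:14:15Z 192.168.1.50 10.10.10.11 tcp 44818
2026-05-11T02:14:20Z 10.10.10.11 10.10.10.12 udp 2222
"""


def monitor(flow_text, conduits=CONDUITS):
    """Return every flow that is not 'allowed', with the zones it spans."""
    alerts = []
    for line in flow_text.splitlines():
        ts, src, dst, proto, dport = line.split()
        verdict = evaluate_flow(src, dst, int(dport), conduits)
        if verdict != "allowed":
            alerts.append((ts, src, dst, proto, int(dport), verdict, zone_of(src), zone_of(dst)))
    return alerts


if __name__ == "__main__":
    print("policy:", check_conduits(CONDUITS) or "IDMZ invariant holds")
    for alert in monitor(FLOWS):
        print("ALERT", *alert)
```

Three of the six constructed flows come back as alerts: an enterprise laptop opening EtherNet/IP to a PLC, a PLC in cell 1 talking to a PLC in cell 2, and an address from no documented zone touching a PLC. The policy check catches the other failure mode, the "temporary" enterprise-to-cell rule someone adds to a firewall: append `("enterprise", "cell1", {44818})` to the conduit list and `check_conduits` reports it. Running the monitor continuously against the same conduit table the firewall was built from is what turns the 15-minute detection metric in the roadmap into something measurable.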
§ Implementation Roadmap
Sixteen+ months. Four phases. Start with Standardize.
You cannot Protect what you didn't Isolate, you cannot Isolate what you didn't Harden, and you cannot Harden what you didn't Standardize. The order matters.
Phase 01 · Months 1–3
Foundation
Focus · Standardize & document
- Complete network discovery and documentation
- Standardize on EtherNet/IP for new installations
- Implement basic VLAN segmentation
Success metric · A one-page network diagram that's actually accurate
Phase 02 · Months 4–9
Resilience
Focus · Harden infrastructure
- Replace unmanaged switches with industrial managed switches
- Implement ring topologies for critical areas
- Deploy redundant power and environmental monitoring
Success metric · Zero unplanned downtime from network failures
Phase 03 · Months 10–15
Security
Focus · Isolate & Protect
- Deploy Industrial DMZ (IDMZ)
- Implement continuous monitoring
- Deploy endpoint protection for critical systems
Success metric · Detect and contain security incidents within 15 minutes
Phase 04 · Months 16+
Optimization
Focus · Advanced capabilities
- TSN implementation for time-critical applications
- Predictive analytics for network health
- Advanced automation and orchestration
Success metric · The network actively improves operations instead of just supporting them
First 30 days · immediate
- Document what you have — create that one-page network diagram
- Lock network cabinets — physical security costs almost nothing
- Replace the worst switch — the one everyone knows is problematic
- Basic VLAN separation — separate IT traffic from OT traffic
Months 1–3 · high-impact, low-cost
- Standardize naming conventions — make troubleshooting faster
- Deploy managed switches strategically — start with critical areas
- Implement basic monitoring — know when things break before production notices
- Create emergency procedures — what to do when networks fail
What doesn't work
- Starting with Protect — security without foundation fails
- Over-engineering — perfect is the enemy of functional
- Ignoring operations — solutions that break workflows get bypassed
- All-or-nothing approach — gradual improvement beats grand plans
What does work
- Start with Standardize — foundation enables everything else
- Build credibility first — quick wins enable bigger projects
- Include operations from day one — they have to live with your decisions
- Iterate and improve — good enough that gets implemented beats perfect that doesn't
"SHIP isn't just about building better networks — it's about building networks that actually serve the people who depend on them."